
The TLB issues that occur during context switching using ttb0 and ttbr1

In our RTOS system (HW: ARMv8-CortexA55) we use an approach similar to Linux's, using TTB0 and TTB1 for context switching during process transitions.

-----------------------------

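cpu_do_switch_mm:                   // x0 = new TTBR0 value, x1 = new ASID
    mrs x2, ttbr1_el1               // read current TTBR1 (kernel table base + ASID)
    bfi x2, x1, #48, #16            // insert the new ASID into bits [63:48]
    msr ttbr1_el1, x2               // write the new ASID
    isb
    msr ttbr0_el1, x0               // write the new application page table base
    isb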
------------------------------
 
In our system, we save the ASID (Address Space Identifier) and the base address of the kernel page table in TTBR1, while the base address of the application page table is saved in TTBR0.
However, during stress testing, TLB errors occur, and the current process accesses addresses belonging to other processes. After investigation and analysis, it appears that there may be an issue with the ASID.
No issues have been found at the software level. After analysis, it appears that in the above code, after updating the ASID in TTBR1, the ARM hardware prefetches the page table content of TTBR0 into the TLB before executing the write to TTBR0. This results in a situation where the new ASID corresponds to the old base address of the application page table.
Therefore, we modified the code to attempt to disable the TLB for TTBR0 during this code segment. After testing, we found that the issue disappeared.
The new code:
-----------------------
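cpu_do_switch_mm:                   // x0 = new TTBR0 value, x1 = new ASID
    mrs x2, ttbr1_el1               // read current TTBR1 (kernel table base + ASID)
    bfi x2, x1, #48, #16            // insert the new ASID into bits [63:48]
    mrs x1, tcr_el1
    orr x1, x1, #TCR_EPD0_MASK      // set EPD0: disable table walks through TTBR0
    msr tcr_el1, x1
    msr ttbr1_el1, x2               // write the new ASID
    isb
    msr ttbr0_el1, x0               // write the new application page table base
    mrs x1, tcr_el1
    and x1, x1, #TCR_EPD0_MASK_NOT  // clear EPD0: re-enable table walks through TTBR0
    msr tcr_el1, x1
    isb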
----------------------
Another experiment was conducted by placing the ASID in TTBR0 as an atomic operation. This approach resolves the issue.
(We also encountered a similar issue several years ago on Cortex-A7, NXP6UL.)
Why doesn't Linux encounter similar issues when using TTB0 and TTBR1? Are there any other solutions available (other than resolving it through TLB flushing)?
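
The window described in the post, written out as a toy C model. This is an added example, not part of the original post and not a statement of documented Cortex-A55 behaviour. The `struct cpu` fields, the single-entry-per-ASID TLB and the `speculative_walk` hook are constructed assumptions that encode the poster's hypothesis, so the three sequences from the post can be compared side by side.

```c
#include <stdio.h>

/* Constructed toy model: one user VA, TLB tagged by ASID, table ids 1..N. */
enum { MAX_ASID = 4 };

struct cpu {
    int asid;           /* current ASID (TTBR1[63:48] in the post's layout) */
    int ttbr0;          /* id of the application page table TTBR0 points at */
    int epd0;           /* TCR_EL1.EPD0: 1 = no table walks through TTBR0   */
    int tlb[MAX_ASID];  /* table id cached for each ASID, 0 = no entry      */
};

/* Assumption: a walk may fill the TLB at any point between two steps. */
static void speculative_walk(struct cpu *c)
{
    if (!c->epd0 && c->tlb[c->asid] == 0)
        c->tlb[c->asid] = c->ttbr0;
}

/* First listing: ASID written and synchronised before TTBR0 changes. */
static void switch_split(struct cpu *c, int asid, int table)
{
    c->asid = asid;   speculative_walk(c);  /* new ASID, old table */
    c->ttbr0 = table; speculative_walk(c);
}

/* Second listing: EPD0 held set until TTBR0 has the new table. */
static void switch_epd0(struct cpu *c, int asid, int table)
{
    c->epd0 = 1; c->asid = asid;   speculative_walk(c);
    c->ttbr0 = table; c->epd0 = 0; speculative_walk(c);
}

/* Third experiment: ASID carried in TTBR0, one write changes both. */
static void switch_atomic(struct cpu *c, int asid, int table)
{
    c->asid = asid; c->ttbr0 = table; speculative_walk(c);
}

/* Switch from (ASID 1, table 1) to (ASID 2, table 2); 1 = stale entry. */
static int stale_after(void (*sw)(struct cpu *, int, int))
{
    struct cpu c = { .asid = 1, .ttbr0 = 1 };
    speculative_walk(&c);
    sw(&c, 2, 2);
    return c.tlb[2] != 2;
}

int main(void)
{
    printf("split=%d epd0=%d atomic=%d\n", stale_after(switch_split),
           stale_after(switch_epd0), stale_after(switch_atomic));
    return 0;
}
```
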